Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
``` +==============================================================================+ | | | /$$$$$$ /$$ | | /$$__ $$ | $$ | | /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ | | /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ | | | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ | | \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ | | /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ | | |_______/ \_______/|__/ \_______/ \___/ \____ $$ | | /$$ | $$ | | | $$$$$$/ | | by pyup.io \______/ | | | +==============================================================================+ | REPORT | | checked 54 packages, using free DB (updated once a month) | +============================+===========+==========================+==========+ | package | installed | affected | ID | +============================+===========+==========================+==========+ | sqlalchemy-utils | 0.38.2 | >=0.27.0 | 42194 | +==============================================================================+ | Sqlalchemy-utils from version 0.27.0 'EncryptedType' uses by default AES | | with CBC mode. The IV that it uses is not random though. | | kvesteri/sqlalchemy-utils#166 | | kvesteri/sqlalchemy-utils#499 | +==============================================================================+ | ujson | 5.1.0 | <=5.1.0 | 46499 | +==============================================================================+ | UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in | | Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for | | example, use a large amount of indentation. | +==============================================================================+ ```
- Loading branch information
